Sanitize summary field in search results

JPrevost · JPrevost · commit fd7a30c89c50 · 2025-12-18T10:59:04.000-05:00
Why are these changes being introduced: * Some summaries had HTML tags that were being rendered as text in the search results. Sanitizing the summary field allows certain HTML tags to be rendered properly while stripping out potentially harmful tags. Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/USE-297 How does this address that need: * Uses rails `sanitize` helper to allow certain HTML tags in the summary field while stripping out others. Document any side effects to this change: * I'm using sanitize with no parameters which seems to look good. If we find we want slightly different behavior we can dig deeper into what tags/attributes to allow.
diff --git a/app/views/search/_result.html.erb b/app/views/search/_result.html.erb
@@ -47,7 +47,7 @@
 
       <% if result[:summary].present? %>
         <div class="result-summary truncate-list">
-          <span class="sr">Summary: </span><%= result[:summary] %>
+          <span class="sr">Summary: </span><%= sanitize result[:summary] %>
         </div>
       <% end %>
     </div>
diff --git a/app/views/search/_result_primo.html.erb b/app/views/search/_result_primo.html.erb
@@ -54,7 +54,7 @@
 
       <% if result[:summary].present? %>
         <div class="result-summary truncate-list">
-          <span class="sr">Summary: </span><%= result[:summary] %>
+          <span class="sr">Summary: </span><%= sanitize result[:summary] %>
         </div>
       <% end %>
     </div>
